Description
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees: git-core uses the first, go-git uses the second. A signature crafted over the go-git-normalized form (second tree) passes gitsign verify while git-core resolves the commit to a completely different tree. This breaks the invariant that a verified signature, the commit semantics git-core presents to users, and the object hash logged in Rekor all refer to the same content. This vulnerability is fixed in 0.16.0.
Published: 2026-05-15
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

gitsign verifies Git commit signatures by re‑encoding commit objects using go‑git's EncodeWithoutSignature before checking the signature, rather than verifying against the raw git object bytes. This behavior allows a crafted signature over a go‑git‑normalized form of a malformed commit—specifically one with duplicate tree headers—to pass verification while the actual git‑core representation resolves to a different tree. Consequently, an attacker can submit a commit that appears valid under gitsign verification but actually differs in content when viewed by git‑core, breaking the trust chain between the signed commit, the displayed commit content, and the logged object hash in Rekor. The weakness stems from CWE‑295 and CWE‑347.

Affected Systems

sigstore's gitsign tool, versions prior to 0.16.0, on any platform where gitsign is used to verify Git commits or tags. Users of command‑line gitsign verify or gitsign verify‑tag are directly affected.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. Because the EPSS score is not available, the likelihood of exploitation cannot be quantified, but the vulnerability is not identified in CISA KEV. The attack requires an attacker to supply a malformed commit with duplicate tree headers that passes go‑git normalization, and then run gitsign verify against it. This could be executed locally on a compromised system or via a build pipeline that trusts gitsign to validate commits. Although no remote network‑facing vector is explicitly described, compromised or malicious build environments represent realistic scenarios. Therefore, organizations should consider the risk moderate and proceed with remediation promptly.

Generated by OpenCVE AI on May 15, 2026 at 17:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to gitsign version 0.16.0 or newer to apply the fix that verifies against the raw git object bytes.
  • Configure build pipelines or continuous‑integration workflows to use the updated gitsign tool and ensure that only commits originating from trusted sources are verified.
  • Validate commit trees for duplicate headers before running verification, or use git‑core directly for verification when possible to guarantee consistency between the signed content and the presented commit.

Generated by OpenCVE AI on May 15, 2026 at 17:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-7rmh-48mx-2vwc gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits
History

Fri, 15 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Sigstore
Sigstore gitsign
Vendors & Products Sigstore
Sigstore gitsign

Fri, 15 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees: git-core uses the first, go-git uses the second. A signature crafted over the go-git-normalized form (second tree) passes gitsign verify while git-core resolves the commit to a completely different tree. This breaks the invariant that a verified signature, the commit semantics git-core presents to users, and the object hash logged in Rekor all refer to the same content. This vulnerability is fixed in 0.16.0.
Title gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits
Weaknesses CWE-295
CWE-347
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N'}

Subscriptions

Sigstore Gitsign
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T17:43:59.446Z

Reserved: 2026-05-05T19:00:06.021Z

Link: CVE-2026-44309

cve-icon Vulnrichment

Updated: 2026-05-15T17:42:44.620Z

cve-icon NVD

Status : Received

Published: 2026-05-15T17:16:47.297

Modified: 2026-05-15T18:16:25.703

Link: CVE-2026-44309

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T17:30:04Z

Weaknesses